Playing around with a new self-host NAS OS, finally thought about Tailscale. But, I see it wants a login to an account. Checking online, seems I have to use Google, Apple, MS, Github or OIDC (which iassume costs money based on the site).

So how tf y’all setting to your tail scale stuff? I’m not using a big brother us tech account for auth on this thing. Think I’d rather go back to regular wireguard if that’s the case.

I avoided tailscale for so long because I was already using wireguard and I didn’t know you could self-host with headscale. But once I started using it with headscale the mesh design really is a big improvement to usability. I don’t miss having to carefully manage my config files and ip route rules.

I need to get setup with app connectors and then I think it’ll finally be a high enough wife-usability factor for me to remove some things I still have exposed over the internet.

Thanks for explaining. I really didn’t mean it as a Headscale v Tailscale. kind of thing as far as data security goes. I’ve heard a lot of great things about Headscale. OP was just worried about his data being compromised, and I was just pointing out that it’s pretty tight.

Please forgive any typos, my brian is still very much recovering. I’m not promoting anything cause nothing I’ve made yet is really worth much to anyone but my self,and everything is far from polished. I’m just sharing what I’m doing. In November ‘24, I had a mid level stroke. I’ve had issues with motor skills, headaches, and short term memory, but for the most part I’m doing quite well. For the last 6-8 months, I build a home server, (AMD 3700x, 64GB of RAM, 6TBNvME, and 2x 12TB HDD, old NVIDIA 2060. I setup up Jellyfin, ripped our 400ish Blu Rays, DVDs, and TV Shows. Setup Navidrone, and ripped our CDs, Home Assistant, AudoBookshelf, ConvertX, MeTube, and several other apps mostly discovered here. I also wrote my own app to track our large physical Media Collection that has a few api calls for pulling info about the items., a dashboard app in the style of the old iGoogle, and I’ve started working on 2 other apps, one to track medical information like blood pressure, glucose, doc appts, care team, medications, etc. The other app is for TTRPG GMs to run games that will basically be a digital GM Screen with a dozen or so tools.

I was a web developer for 20 years before the stroke so I had some previous entry level experience with this type of stuff, but not on this level. Mine was more for like corporate websites. My doctor believes this process has indeed sped up my recovery significantly. So this is just a post to say thanks for this community that has given me tons of ideas for things to try.

I hope you get better! Im not active in community, not even a tech savy. I also didnt come up with something to share with community but I like the homelabing hobby (or movement if I can call this like that).

Jellyfin is such a badass app! I borrowed huge DVD’s collection from my grandpa (he had a store back in days) so I have like a bunch of movies only on my Pi5 with Radax (wchich is my only homelab device lol).

Again. I hope you get better fellow stranger from the internet!

https://lemmy.wtf/pictrs/image/892020a1-63a3-45c3-b42b-722ab84085d7.gif

Been there done that. It’s much harder than it seems from this post. Your brain suffered severe damage, getting it to work again as good as possible takes huge amounts of energy and will power. Good job bro! (Watch yourself, don’t over do it)

I’ve been working on Habitat for the past two years. It all stemmed from this idea that I posted in April 2024.

Habitat is a free open-source, self hosted social platform for local communities. It is aimed at fostering local community discussions and discovery of areas of interest. This is why it is built primarily around location. A Habitat instance centers on a specific area, and the local community can make generic posts about that area, or they can make posts about specific locations in that area. More about what I’ve been building and the future plans here.

Features

• Habitat specification of location and size - enabling posts related to the local area
• Home feed - Displays the most recent posts
• Nearby feed - Displays posts sorted by proximity to the user
• Create posts - Upload photos, set locations, comments
• Categories - Location rules
• Amazon S3 image storage option
• Personalisation - Overrides Habitat defaults per user: kms/miles, hidden categories
• Moderation tools - User, post, comment moderation, block email addresses
• Announcements - Scheduled announcements
• Public moderation log - Keep moderator actions visible for 30 days

If you’re interest in this at all, please give it a spin and let me know how you get on. I’ll keep an eye here on Lemmy, but you can also post to the Habitat discussion board on GitHub.

Did you even understand the problem?

The answer is no, not yes.

Thanks for this. Regarding your point on on making people care, I’ve just written up a post that touches on this: https://feddit.uk/post/45292700

Federation is not yet built in, but I have a plan. There are some details here: https://carlnewton.github.io/posts/location-based-social-network/#connecting-instances

Tonight 😬

#kernel #Linux #proxmox #meme #homelab #selfhositng @homelab @selfhosted

The kernel can wait. Kernels are good at that.

My guess is it’s an Independent Beer Maker.

I’ve been self hosting traditionally in debian, but I would like to be able to add services easier using docker. As such, I’m looking to move to a container based architecture.

One place I struggle is that I can’t seem to find a good container where the default image supports ACME to support Let’s encrypt for automatic cert renewal.

For Nginx, I would have you build my container. HAproxy ACME support seems to be a shell script.

Any suggestions?

You can bake haproxy and acme.sh into a container yourself. Haproxy is hands down the best performing/least resource consuming RP. Dynamic management, like mimicing Traefiks service discovery, can be a bit tricky though. Yes, it doesn’t support ACME itself but once you get passed the “hello world” RP’ing and need something more advanced, like ACME DNS01, Haproxy with acme.sh is your buddy for life.

Npm and npmplus are great

Hey there, it’s me again with my cursed project. Last time is said “i basically reinvented Kubernetes”. But the voices won and I legit did.

Last time it was a cursed novelty. A random script made by some autistic dude with too much time on its hand.

Now it’s become its own project, with ecosystem and overpriced .io domain. For no reason other than : It’s cursed, but it works beautifully.

Every Kind is handled by its distinct code. Everything is pluggable, nothing is hardcoded. The next layer of hell is for someone else to write Docker Swarm extensions. Won’t be me.

I am, again, very sorry. Sorry for releasing this thing into the world as a complete, working, product.

And sorry for keeping spamming it. I will stop, i promises (the voices will never)

Ξέρεις την ελληνικά γλώσσα;

No, no hablo Griego.

Not in there: - https://github.com/dannymcc/bluehood (alpha) - https://github.com/p2r3/convert

Yep. I got an email from them yesterday. My lil box is going from just under 4 USD to 5 USD per month.

Yes but the RSS feed for non-subscribers is just the announcement of the post. I still have to go to the site to read the whole newsletter, which is fine.

I have a 56 TB local Unraid NAS that is parity protected against single drive failure, and while I think a single drive failing and being parity recovered covers data loss 95% of the time, I’m always concerned about two drives failing or a site-/system-wide disaster that takes out the whole NAS.

For other larger local hosters who are smarter and more prepared, what do you do? Do you sync it off site? How do you deal with cost and bandwidth needs if so? What other backup strategies do you use?

(Sorry if this standard scenario has been discussed - searching didn’t turn up anything.)

So being encrypted before transmission and at rest isn’t enough simply because someone at backblaze can send the encrypted files out to you on a HDD……..

lol

Nice ragebait.

I run Home Assistant in a virtual machine on my home server. Sometimes I need to restart it and I’m not always in a position to SSH or VNC in. Is there anything out there that would allow me to do this quickly?

Not looking for a workaround but thanks

OK now we’re talking! Thanks.

From time to time I like to review my network to see where I can tighten up. Review logs, check out the landscape, and make sure there are no gaps. Today, I have some downtime, so I figured it’d be a good for it. Since I am not a certified IT professional, this is what I have cobbled together reading, and seeing what others have done. I’d like to bounce this off you guys who are more experienced than I and get your impressions. If you have any recommendations, I’m always down to be schooled.

So if you’d like to participate in my audit, I have a home network as follows:

• Modem receiving IP from ISP. Modem to router. Router to stand alone pfsense firewall. Router has a 54 character complex password for WiFi. There are no guest provisions for WiFi.
• Pfsense firewall with pfblockerng & suricata running on both lan and wan, both with a full array of rules/feeds updated daily. pfsense has tailscale as an overlay vpn. Server traffic and PC traffic have their own VLAN provided by pfsense. My approach is to deny all until something complains and address that on a case by case basis. Additionally ntopng is utilized for traffic analysis. IPv6 is disabled.
• Server running Tailscale as an overlay VPN, UFW deny all posture, and fail2ban with an aggressive posture. Server has been hardened against Lynis spec where applicable. Not all recommendations apply to my server. Server is utilizing host deny/host allow and SSH keys.
• Server is utilizing containers for services.
• Server is using Cloudflare tunnel/zero trust.
• Server and pfsense communicate via Tailscale encrypted tunnel. PC/Phone/mobile device can communicate with pfsense via Tailscale.
• Server services are accessed via https.
• PC connected to pfsense firewall with same rules as server. PC is using a VPN with Cloudflare 1.1.1.¹⁄₁.0.0.1 for DNS queries. Firefox is using 1.1.1.¹⁄₁.0.0.1. Settings for Firefox are the strictest for Enhanced Tracking Protection, and DOH. HTTPS-Only mode enabled. PC is also running a soft firewall.
• All other devices such as phones, laptops, and tablets run a VPN with Cloudflare 1.1.1.¹⁄₁.0.0.1 for DNS queries.
• IoT devices are isolated. Phones are isolated. Smart TVs are isolated.

How secure would you say this network is and give any recommendations to further harden the network besides keeping up with current updates, monitoring and auditing logs.

Thanks

You’re ahead of an alarming number of my colleagues by just trying until you can get it working then documenting things

I have to document. At 71, with a TBI, my brain is not what it used to be. Sometimes I don’t even remember what I had for breakfast. LOL